EUVD-2017-0139

Malware in sbrugna...

SUSE CVE-2016-6305

The ssl3readbytes function in record/reclayers3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service infinite loop by triggering a zero-length record in an SSLpeek call...

SUSE CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

Urllib3 Incorrect Certificate Validation

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

GHSA-V4W5-P2HG-8FH6 Urllib3 Incorrect Certificate Validation

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

SUSE: Security Advisory (SUSE-SU-2019:0334-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : nginx (SUSE-SU-2019:0334-1)

This update for nginx to version 1.14.2 fixes the following issues : Security vulnerabilities addressed : CVE-2018-16843 CVE-2018-16844: Fixed an issue whereby a client using HTTP/2 might cause excessive memory consumption and CPU usage bsc1115025 bsc1115022. CVE-2018-16845: Fixed an issue which...

Amazon Linux AMI : openssl (ALAS-2018-1016)

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

openSUSE: Security Advisory for tboot (openSUSE-SU-2017:3100-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2017-3730

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

Design/Logic Flaw

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

CVE-2017-3733

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

CVE-2017-3731

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; user...

CVE-2017-3730 Bad (EC)DHE parameters cause a client crash

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack...

CVE-2016-7054 ChaCha20/Poly1305 heap-buffer-overflow

In OpenSSL 1.1.0 before 1.1.0c, TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS...

CVE-2017-3733 Encrypt-Then-Mac renegotiation crash

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake or vice-versa then this can cause OpenSSL 1.1.0 before 1.1.0e to crash dependent on ciphersuite. Both clients and servers are affected...

OpenSSL 1.1.0 - Remote Client Denial of Service Exploit

Exploit for multiple platform in category dos / poc // Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/ / SSL server demonstration program Copyright C 2006-2015, ARM Limited, All Rights Reserved...

Code injection

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...

CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. Thi...